Harry Waldron - IT Security

Security Developments, Software Updates and Best Practices

ISC - Collection of 31 Best Practices for Cyber-Security Awareness

After over a decade in the security profession, there's nothing I enjoy better than seeing Best Practices shared that help protect folks from the continuous and evolving threats. October was "cyber-security awareness" month and the Internet Storm Center handlers (plus the readers) did an awesome job in sharing how we can better protect ourselves from the dangerous risks out there.

Cyber Security Awareness Month - Summary and Links
http://isc.sans.org/diary.html?storyid=3597

1. Establishing a User Awareness Training Program
1 Penetrating the "This Does Not Apply To Me" Attitude
2 Multimedia Tools, Online Training, and Useful Websites
3 Getting the Boss Involved
4 Enabling the Road Warrior
5 Social Engineering and Dumpster Diving Awareness
6 Developing and Distributing Infosec Policies

2. Best Practices
7 Host-based Firewalls and Filtering
8 Anti-Virus, Anti-Spyware, and Other Protective Software
9 Access Controls, Including Wireless, Modems, VPNs, and Physical Access
10 Authentication Mechanisms (Passwords, Tokens, Biometrics, Kerberos, NTLM, Radius)
11 File System Backups
12 Managing and Understanding Logs on the Desktop or Laptop (AV, Firewall, or System Logs)
13 Patching and Updates

3. Hardware/Software Lockdown
14 Data Encryption
15 Protecting Laptops
16 Protecting Portable Media like USB Keys, iPods, PDAs, and Mobile Phones
17 Windows XP/Vista Tips
18 Mac Tips
19 Linux Tips
20 Software Authenticity (Digital Signatures, MD5, etc.)

4. Safe Internet Use
21 Understanding Online Threats, Phishing, Fraud, Keystroke Loggers
22 Detecting and Avoiding Bots and Zombies
23 Using Browsers, SSL, Domain Names
24 Not All Patches Are Released on a Tuesday
25 Using Email, PGP, X509 Certs, Attachments, Instant Messaging and IRC
26 Safe File Swapping
27 Online Games and Virtual Worlds

5. Privacy and Protection of Intellectual Property
28 Cookies
29 Insider Threats
30 Blogging and Social Networking
31 Legal Awareness (Regulatory, Statutory, etc.)

Comments

Windows Vista News said:

Interesting point at msmvps.com

# November 1, 2007 9:15 AM

My Ghillie » ISC - Collection of 31 Best Practices for Cyber-Security Awareness said:

Pingback from  My Ghillie » ISC - Collection of 31 Best Practices for Cyber-Security Awareness

# November 1, 2007 9:19 AM

ISC - Collection of 31 Best Practices for Cyber-Security Awareness said:

Pingback from  ISC - Collection of 31 Best Practices for Cyber-Security Awareness

# November 1, 2007 10:09 AM